Computer hosts are subject to a variety of attacks, such as denial of service, privilege elevation, directory traversal, buffer overflow, unauthorized remote or local execution/access, information leakage, and the like. Such attacks can be particularly damaging and costly for enterprises such as corporations, governments and other large organizations. As a result, an industry has been developed to protect against such attacks. For example, protective software is developed proactively, in anticipation of future attacks. Although proactive protection can prevent a large class of attacks, host intrusion prevention cannot solely rely on proactive protection. There are many other possible attack vectors available on a system, and no proactive system can guarantee 100% coverage against known and unknown attacks, including those not yet developed. Current applications and operating systems are far too complex for any intrusion prevention system to accurately identify all possible attack vectors. Thus, there is a need for a broad and flexible system that can react to any possible vulnerability or attack in a timely manner.
Further, the current and most effective method of reactively handling vulnerabilities is to patch the system. When a vulnerability is discovered, a patch is created, typically by an independent software vendor (ISV). A typical patch replaces an executable file or dynamically linked library, requiring a restart of the application or a reboot of the system to activate a patch. A typical patch process involves fixing the bugs in the code, then recompiling the code and releasing an executable with the necessary modules. However, a patch update has many of the disadvantages of a software upgrade: it typically requires a reboot of the application, it is a single monolithic change to the application that can alter the normal operating behavior, eliminating a problematic patch is cumbersome, and there is no customer visibility into the effectiveness of a patch.
A technique is needed for protecting software which addresses the above and other issues.